Oct 25 2006
Traditionally we have seen the majority of computer security research being aimed at remotely available network services, or at local vulnerabilities in privileged applications that allow for privilege escalation.
But like all things, times are changing. Recently there has been a serious spate of vulnerabilities found in various file formats, with Microsoft Office documents proving especially vulnerable to exploitation. Now there is a new kid on the block.
There are a wide variety of components in an operating system that run at highly privileged levels (sometimes referred to as kernel mode). A number of these take user input, network code, device drivers, file system support, etc. This last item is now being targeted by a new tool called “fsfuzzer (File System FUZZER) which is actually a wrapper program for an older fuzzing tool. In a nutshell fuzzing tools create or modify data that is normally formatted in highly specific ways (i.e. a text file, HTML, a file system layout) and create malformed versions of it. This tool has now been publicly released, giving attackers a powerful new option when attacking systems locally. It should be noted that this tool allows attacks to be launched against virtually any operating system that supports common file systems such as iso9660 (a common CD-ROM file system format) for example.
http://projects.info-pull.com/mokb/fsfuzzer-0.6-lmh.tgz
Related posts:
Posted by Kurt.Seifried on Wednesday, October 25th, 2006, at 12:00 am, and filed under Articles, Future Forecast, Quick News.
Follow any responses to this entry with the RSS 2.0 feed.
You can post a comment, or trackback from your site.
Post a Comment